Re: DNS based ACLs failing
From: Walter Roberson (roberson_at_ibd.nrc-cnrc.gc.ca)
Date: 07/01/04
- In reply to: Dawn: "DNS based ACLs failing"
Date: 1 Jul 2004 18:15:36 GMT
In article <161d33ed.0407010917.651ab797@posting.google.com>,
Dawn <dawn.m.connelly@usace.army.mil> wrote:
:Starting some time in early June, we started getting reports of the
:uber annoying "I can't get to xyz webpage".
:The one common thread
:that I'm seeing is that it looks like the Denies happen when the https
:acl references a DNS query rather than an IP range. So any acl saying
:*.gov is good ain't working.
You haven't given us any information about what kind of equipment
you are using to implement the DNS-based ACLs, and we cannot infer
it from your choice of newsgroups.
We -can- infer that you are not using Standard or Extended ACLs
under Cisco IOS or ACLs on a Cisco PIX, as those do not support
ACLs such as "*.gov". (But you might be using CBAC on Cisco IOS,
I guess.)
-- This signature intentionally left... Oh, darn!